An analyst finds that a malicious program contains the instructions add 10, eax followed by sub 10, eax. What technique was the attacker likely using?
The attacker is likely using ghostwriting. This technique involves inserting meaningless or redundant instructions into a program's code to make static analysis more difficult. The instructions 'add 10, eax' followed by 'sub 10, eax' do not alter the overall state of the eax register, serving to confuse or obfuscate the true intention of the code.
Ghostwriting involves inserting meaningless or redundant instructions into a program's code to make static analysis more difficult. In this case, the attacker adds a value to the eax register and then subtracts the same value from it, which has no functional effect on the program's behavior but can confuse or obfuscate static analysis tools by changing the sequence of instructions they see.